OAuth Authentication - An Overview
Zoho Creator's v2 APIs are RESTful APIs that use OAuth 2.0 — an open standard authorization framework that enables client applications to gain limited access to a user's data without giving away the user's password.
| Term | Description |
|---|---|
| Resource owner or user | An end user who can grant access to your Zoho Creator account's resources |
| Protected resource or scope | The Zoho Creator resource such as the data in your Creator application and its meta-information |
| Client application | A web, mobile or another type of application that requires access to your Creator resources |
| Client ID and client secret | Credentials accorded by Zoho to a client application to authenticate API requests from it |
| Authorization code | A very short-lived code that's accorded to the client application, which can be exchanged for an access token |
| Access token | A short-lived token that allows the client application to access the protected resource |
| Refresh token | A relatively longer-lived token that's used to fetch additional access tokens for the client application |
- The client application requests authorization to access the protected resource owned by the resource owner.
- The resource owner first authenticates the client and then authorizes it to access the requested resource by giving it an authorization code. (Zoho Creator uses the authorization code grant type.)
- The client exchanges the authorization code for an access token and optionally a refresh token as well.
- If its identity and authorization code are authenticated, the client receives those tokens.
- The client requests access to the protected resource by presenting its access token.
- If the access token is valid, the client receives the requested resource.
In OAuth 2.0, scope is a mechanism to limit the client application's access to the protected resources—here, the data in your Creator account and applications.
| Scope | Purpose |
|---|---|
| ZohoCreator.form.CREATE | To add records in forms |
| ZohoCreator.report.CREATE | To upload files in records that are displayed in reports |
| ZohoCreator.report.UPDATE | To update records that are displayed in reports |
| ZohoCreator.report.DELETE | To delete records that are displayed in reports |
| ZohoCreator.meta.form.READ | To get the information about the fields in a form |
| ZohoCreator.dashboard.READ | To get the list of applications |
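The authorization code flow and the scopes above, as an added client-side example that is not Zoho's code: it builds the authorization request for an explicit scope list, accepts the callback only when the `state` value matches, and prepares the code-for-token exchange. The endpoint and redirect URLs, the scope delimiter, the function names and the use of the `state` parameter from RFC 6749 are assumptions that do not appear on this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders (not from this page): use the provider's documented values.
AUTH_ENDPOINT = "https://accounts.example.invalid/oauth/v2/auth"
REDIRECT_URI = "https://client.example.invalid/callback"
SCOPE_DELIMITER = " "  # RFC 6749 default; assumption, check the provider's docs

# The scopes listed on this page; anything else is refused before the request is built.
PAGE_SCOPES = {
    "ZohoCreator.form.CREATE", "ZohoCreator.report.CREATE",
    "ZohoCreator.report.UPDATE", "ZohoCreator.report.DELETE",
    "ZohoCreator.meta.form.READ", "ZohoCreator.dashboard.READ",
}

def build_authorization_url(client_id, scopes):
    """Authorization request for an explicit, minimal scope list."""
    unknown = set(scopes) - PAGE_SCOPES
    if not scopes or unknown:
        raise ValueError(f"empty or unlisted scopes: {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({
        "response_type": "code",  # authorization code grant
        "client_id": client_id,
        "scope": SCOPE_DELIMITER.join(scopes),
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}", state

def handle_callback(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization refused: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: discard the code")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def build_token_request(client_id, client_secret, code):
    """Form body the client POSTs to the token endpoint to redeem the code."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": REDIRECT_URI}
```

The token request carries the client secret, so it belongs in a server-side POST over TLS and never in a URL or in browser-side code.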